Privacy Policy
Last updated: 09.04.2026
1. Data Controller
Oshoppo AS (Org. No. 924 825 027), operating under the brand name Nyrge, is the data controller for personal data collected through nyrge.com and the Nyrge platform.
Contact:
Oshoppo AS / Nyrge
Skien, Telemark, Norway
Email: hei@nyrge.com
2. Who This Policy Applies To
This privacy policy applies to:
- Visitors to nyrge.com — anyone who visits our website
- Customers (SaaS subscribers) — businesses using the Nyrge platform to run their website
- End users of customer sites — people who visit, shop at, or register on websites hosted by Nyrge customers
3. Personal Data We Collect
3.1 Visitors to nyrge.com
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Name, email, phone, message | Responding to inquiries via the contact form | Consent / legitimate interest |
| Anonymised visitor statistics | Improving the website | Legitimate interest |
| Essential cookies | Technical functionality | Necessary for the service |
3.2 Customers (SaaS Subscribers)
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Company name, contact person, email, phone | Creating and managing the customer relationship | Contract |
| Payment information (via Stripe) | Billing and subscription management | Contract |
| Content in the admin panel | Delivering the service | Contract |
| Usage data and login logs | Security and troubleshooting | Legitimate interest |
3.3 End Users of Customer Sites
When a business uses the Nyrge platform to run their website, Nyrge acts as a data processor on behalf of the customer (who is the data controller for their own users). This may include:
- Contact form submissions
- Customer registrations and order history (e-commerce)
- Bookings and membership information
- CRM data (contact lists, communication logs)
- Chat messages
Nyrge processes this data solely under the customer's instructions and in accordance with our data processing agreement.
4. Third Parties and Sub-processors
We use the following third-party services that may process personal data:
| Service | Purpose | Location |
|---|---|---|
| Microsoft Azure | Hosting of websites and databases | Norway (Norway East, Oslo) |
| Stripe | Payment processing | EU/EEA |
| Mailgun | Transactional and marketing email delivery | EU |
| Bunny Fonts | Web fonts (GDPR-friendly alternative to Google Fonts) | EU |
| Fiken | Accounting integration (optional add-on) | Norway |
We do not use Google Analytics, Facebook Pixel, or other third-party tracking tools. Visitor statistics are collected using our own system without cookies.
5. Cookies
Nyrge.com and customer sites hosted on the platform only use essential cookies for technical functionality (session management, login, CSRF protection).
Customer sites can enable a cookie consent banner with four categories (essential, analytical, functional, marketing). The customer is responsible for configuring this according to their needs.
6. Data Retention and Deletion
- Contact form submissions: Deleted after 12 months
- Customer data (SaaS): Retained for the duration of the customer relationship. Upon cancellation, data is deleted within 30 days after the end of the subscription period
- End-user data on customer sites: Deleted according to the customer's own policies, or upon termination of the customer's subscription
- Server logs: Automatically deleted after 90 days
- Payment data: Handled by Stripe according to their retention policies and legal requirements
7. Your Rights
Under the GDPR, you have the following rights:
- Access: You can request a copy of the personal data we hold about you
- Rectification: You can request that inaccurate data be corrected
- Erasure: You can request that your data be deleted
- Restriction: You can request restricted processing
- Data portability: You can request your data in a machine-readable format
- Objection: You can object to processing based on legitimate interest
To exercise your rights, contact us at hei@nyrge.com. We will respond within 30 days.
Complaints: You have the right to file a complaint with the Norwegian Data Protection Authority (datatilsynet.no) if you believe our processing of your personal data violates the regulations.
8. Security
We take security seriously and have implemented the following measures:
- All traffic is encrypted with SSL/TLS
- Data is stored on servers in Norway (Azure Norway East)
- Access control with encrypted passwords and CSRF protection
- Daily backups of all data
- API keys and sensitive data are encrypted in the database
9. Changes
We may update this privacy policy as needed. Significant changes will be communicated via email to registered customers. The date at the top shows the last update.
10. Contact
Questions about privacy? Get in touch:
Oshoppo AS / Nyrge
Org. No: 924 825 027
Email: hei@nyrge.com
Address: Skien, Telemark, Norway